Cybersecurity And You ‒ The Dangers Of Unlicensed Software

Over the course of Sri Lanka’s IT history, there’s been a pretty easy-going attitude towards the use of software. As long as it worked and was cheap, no one cared where it came from. According to a survey published by The Software Alliance, Sri Lanka’s rate of unlicensed software installations was 79% in 2015. It was 83% in 2013, so while the number has gone down, it hasn’t gone down much. This can be worrying for a number of reasons. For one, the commercial value of this unlicensed software was USD 163 million, which is a loss in revenue that software manufacturers had to bear. The other issue is that pirated software creates massive vulnerabilities in your systems.

Pirated software, the websites that host it, and the peer-to-peer networks where it is commonly shared are all hosts for malware and malicious code such as trojans, viruses, keystroke-capturing software, spyware and ransomware, just to name a few. A report by the International Data Corporation (IDC) published in 2013 has the following statistics:

  • 36% of downloaded pirated software includes malicious code
  • 20% of pirated CDs and DVDs infect the host PC with software trojans
  • 15% of software coming through normal delivery channels was improperly licensed

In essence, unlicensed computer software has a very high likelihood of containing malicious software.

The Threat Of Malicious Software

Using pirated software undermines a computer’s security. Installing this software opens it up to malware that will compromise data, jeopardise the network, or create issues that are even more serious in nature. Compromised security leads to damages and vulnerabilities that in the end cost far more than the money saved by illegally downloading software.

There is absolutely no guarantee when using pirated software that your data and activity will not be used by criminals, who may steal your identity and sensitive information, track your communications, and display unwanted advertising.

Recently, malicious software has come to the forefront of media attention with the sudden rush of high-profile ransomware attacks. Ransomware attacks are carried out through a trojan, malware disguised as a legitimate file that a user is tricked into installing. The program then encrypts the data on a victim’s computer and keeps it that way until a ransom is paid. Even then, there is no guarantee that the attackers will release the data after collecting the ransom.

“Over the last four years, ransomware has evolved into one of the biggest cybersecurity threats in the wild, with instances of ransomware in exploit kits increasing 259% in the last five months alone,” said Nathan Scott, Senior Security Researcher at Malwarebytes and ransomware expert. A report entitled “State of Ransomware” was sponsored by Malwarebytes and conducted by Osterman Research to explore the impact of these attacks.

Findings state that 46% of all ransomware attacks originate from email, and nearly 60% of all attacks in the enterprise demand over USD 1,000 and 20% demand over USD 10,000 in ransom. Healthcare and financial services were the most targeted industries.

The WannaCry worm was probably the most recent and devastating of these ransomware attacks. Beginning on May 12, 2017, the attack infected more than 230,000 computers in over 150 countries within a day. It didn’t even need to travel via email, but exploited unsupported Windows operating systems like Windows XP and Windows 7. The manufacturer support cycle for these operating systems ended before the arrival of WannaCry, which is why migrating to a new licensed operating system was recommended.

The Cost

In 2015, nearly 80% of U.S. companies suffered a cyberattack, and more than half suffered a ransomware incident. The report states that over 60% of the attacks required more than 9 hours to fix. For the healthcare industry, this can be disastrous and put lives at risk. Also, 72% of the organisations that were attacked and didn’t pay the ransom lost their files. The costs of an attack by malicious software can be debilitating to a business.

There are other costs to bear, as well. In Sri Lanka, using pirated software is very much illegal. Under clause 178 of the Intellectual Property Act No. 36 of 2003, which refers to the infringement of copyrights, offenders shall be liable on conviction by a magistrate to a fine of up to LKR 500,000, or to imprisonment for a period of six months, or even both.

Seven years ago, the CID established the Anti-Piracy and Counterfeit Unit (APCU) and has since carried out a series of raids on businesses suspected of infringing the intellectual property rights of software manufacturers such as Adobe and Microsoft.

In short, the costs for using pirated software are high. If you download it, your business can be put at risk through malicious software stealing and corrupting data. If you get caught using it, you can face large fines or jail time.

What You Can Do

As a business, it is important to avoid piracy at all costs. Businesses must maintain strict policies and should encourage employees to not download or use intellectual property obtained illegally. It is important to make employees take personal responsibility for the content on their workstations.

Users should also follow the golden tenet of safe internet use—don’t click it if you don’t know what it is. You should refrain from downloading and running suspicious files.

Using genuine software adds extra layers of protection. Frequent security updates and patches close up vulnerabilities that allow attackers access to files. Unlicensed software does not receive such support from manufacturers. Pirating software is really not worth the risks that come with it. In this case, doing the right thing is also the safer and more logical course of action. It shouldn’t be hard to decide.
